Staff Member

I've moved this post to it's own thread. I'm not sure that temporarily excluding a file name from the password protection feature is a good option from a security perspective. What are your thoughts on that? Note that you can find further discussion of this topic, and a workaround to this issue at:

What about simply moving the application to a new folder like, /public_html/secure/ instead of just /public_html and adding a wildcard redirect excluding lets encrypt/comodo verifications. This won't work for everyone but might help in some cases.

Staff Member

What about simply moving the application to a new folder like, /public_html/secure/ instead of just /public_html and adding a wildcard redirect excluding lets encrypt/comodo verifications. This won't work for everyone but might help in some cases.

Click to expand...

This might work as a user-submitted workaround in some cases, but moving a directory could open up the potential for additional problems if something goes wrong (e.g. the server stops responding in the middle of the move).